From e89d755c523065a257d34dff9a88df97fc1908b3 Mon Sep 17 00:00:00 2001
From: Noel Georgi <git@frezbo.dev>
Date: Mon, 11 Mar 2024 16:06:50 +0530
Subject: [PATCH] fix: etcd config validation for worker

Fixes an ambigious error when etcd config is supplied to a worker as a
patch.

Signed-off-by: Noel Georgi <git@frezbo.dev>
---
 .../types/v1alpha1/v1alpha1_validation.go     | 12 +++++--
 .../v1alpha1/v1alpha1_validation_test.go      | 36 +++++++++++++++++++
 2 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go b/pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go
index 737cc5090..511f352f3 100644
--- a/pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go
+++ b/pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go
@@ -86,7 +86,7 @@ func (c *Config) Validate(mode validation.RuntimeMode, options ...validation.Opt
 		return nil, result.ErrorOrNil()
 	}
 
-	if err := c.ClusterConfig.Validate(); err != nil {
+	if err := c.ClusterConfig.Validate(c.Machine().Type().IsControlPlane()); err != nil {
 		result = multierror.Append(result, err)
 	}
 
@@ -334,7 +334,9 @@ func isValidDNSName(name string) bool {
 }
 
 // Validate validates the config.
-func (c *ClusterConfig) Validate() error {
+//
+//nolint:gocyclo
+func (c *ClusterConfig) Validate(isControlPlane bool) error {
 	var result *multierror.Error
 
 	if c == nil {
@@ -358,7 +360,11 @@ func (c *ClusterConfig) Validate() error {
 	}
 
 	if c.EtcdConfig != nil {
-		result = multierror.Append(result, c.EtcdConfig.Validate())
+		if isControlPlane {
+			result = multierror.Append(result, c.EtcdConfig.Validate())
+		} else {
+			result = multierror.Append(result, errors.New("etcd config is only allowed on control plane machines"))
+		}
 	}
 
 	result = multierror.Append(
diff --git a/pkg/machinery/config/types/v1alpha1/v1alpha1_validation_test.go b/pkg/machinery/config/types/v1alpha1/v1alpha1_validation_test.go
index 3002ecb0c..18e7dc3c6 100644
--- a/pkg/machinery/config/types/v1alpha1/v1alpha1_validation_test.go
+++ b/pkg/machinery/config/types/v1alpha1/v1alpha1_validation_test.go
@@ -1004,6 +1004,42 @@ func TestValidate(t *testing.T) {
 			},
 			expectedError: "2 errors occurred:\n\t* cluster discovery service requires .cluster.id\n\t* cluster discovery service requires .cluster.secret\n\n",
 		},
+		{
+			name: "EtcdMissingCa",
+			config: &v1alpha1.Config{
+				ConfigVersion: "v1alpha1",
+				MachineConfig: &v1alpha1.MachineConfig{
+					MachineType: "controlplane",
+				},
+				ClusterConfig: &v1alpha1.ClusterConfig{
+					ControlPlane: &v1alpha1.ControlPlaneConfig{
+						Endpoint: &v1alpha1.Endpoint{
+							endpointURL,
+						},
+					},
+					EtcdConfig: &v1alpha1.EtcdConfig{},
+				},
+			},
+			expectedError: "1 error occurred:\n\t* key/cert combination should not be empty\n\n",
+		},
+		{
+			name: "EtcdConfigProvidedForWorker",
+			config: &v1alpha1.Config{
+				ConfigVersion: "v1alpha1",
+				MachineConfig: &v1alpha1.MachineConfig{
+					MachineType: "worker",
+				},
+				ClusterConfig: &v1alpha1.ClusterConfig{
+					ControlPlane: &v1alpha1.ControlPlaneConfig{
+						Endpoint: &v1alpha1.Endpoint{
+							endpointURL,
+						},
+					},
+					EtcdConfig: &v1alpha1.EtcdConfig{},
+				},
+			},
+			expectedError: "1 error occurred:\n\t* etcd config is only allowed on control plane machines\n\n",
+		},
 		{
 			name: "GoodEtcdSubnet",
 			config: &v1alpha1.Config{